Cargo.lock

@@ -1076,7 +1076,6 @@ dependencies = [
  "loole",
  "lru-cache",
  "rand 0.8.5",
- "recaptcha-verify",
  "regex",
  "reqwest",
  "ruma",
@@ -3752,17 +3751,6 @@ dependencies = [
  "crossbeam-utils",
 ]
 
-[[package]]
-name = "recaptcha-verify"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71e3be7b2e46e24637ac96b0c9f70070f188652018573f36f4e511dcad09738a"
-dependencies = [
- "reqwest",
- "serde",
- "serde_json",
-]
-
 [[package]]
 name = "redox_syscall"
 version = "0.5.13"

conduwuit-example.toml

@@ -441,26 +441,6 @@
 #
 #registration_token_file =
 
-# The public site key for reCaptcha. If this is provided, reCaptcha
-# becomes required during registration. If both captcha *and*
-# registration token are enabled, both will be required during
-# registration.
-#
-# IMPORTANT: "Verify the origin of reCAPTCHA solutions" **MUST** BE
-# DISABLED IF YOU WANT THE CAPTCHA TO WORK IN 3RD PARTY CLIENTS, OR
-# CLIENTS HOSTED ON DOMAINS OTHER THAN YOUR OWN!
-#
-# Registration must be enabled (`allow_registration` must be true) for
-# this to have any effect.
-#
-#recaptcha_site_key =
-
-# The private site key for reCaptcha.
-# If this is omitted, captcha registration will not work,
-# even if `recaptcha_site_key` is set.
-#
-#recaptcha_private_site_key =
-
 # Controls whether encrypted rooms and events are allowed.
 #
 #allow_encryption = true

src/api/client/account.rs

@@ -291,34 +291,19 @@ pub(crate) async fn register_route(
 	}
 
 	// UIAA
-	let mut uiaainfo = UiaaInfo {
+	let mut uiaainfo;
-		flows: Vec::new(),
+	let skip_auth = if services.globals.registration_token.is_some() {
-		completed: Vec::new(),
-		params: Box::default(),
-		session: None,
-		auth_error: None,
-	};
-	let mut skip_auth = body.appservice_info.is_some();
-	if services.globals.registration_token.is_some() {
 		// Registration token required
-		uiaainfo.flows.push(AuthFlow {
+		uiaainfo = UiaaInfo {
-			stages: vec![AuthType::RegistrationToken],
+			flows: vec![AuthFlow {
-		});
+				stages: vec![AuthType::RegistrationToken],
-	}
+			}],
-	if services.config.recaptcha_private_site_key.is_some() {
+			completed: Vec::new(),
-		if let Some(pubkey) = &services.config.recaptcha_site_key {
+			params: Box::default(),
-			// ReCaptcha required
+			session: None,
-			uiaainfo
+			auth_error: None,
-				.flows
+		};
-				.push(AuthFlow { stages: vec![AuthType::ReCaptcha] });
+		body.appservice_info.is_some()
-			uiaainfo.params = serde_json::value::to_raw_value(&serde_json::json!({
-				"m.login.recaptcha": {
-					"public_key": pubkey,
-				},
-			}))
-			.expect("Failed to serialize recaptcha params");
-			skip_auth = skip_auth || is_guest;
-		}
 	} else {
 		// No registration token necessary, but clients must still go through the flow
 		uiaainfo = UiaaInfo {
@@ -328,8 +313,8 @@ pub(crate) async fn register_route(
 			session: None,
 			auth_error: None,
 		};
-		skip_auth = skip_auth || is_guest;
+		body.appservice_info.is_some() || is_guest
-	}
+	};
 
 	if !skip_auth {
 		match &body.auth {

src/core/config/check.rs

@@ -180,28 +180,19 @@ pub fn check(config: &Config) -> Result {
 		}
 	}
 
-	if config.recaptcha_site_key.is_some() && config.recaptcha_private_site_key.is_none() {
-		return Err!(Config(
-			"recaptcha_private_site_key",
-			"reCAPTCHA private site key is required when reCAPTCHA site key is set."
-		));
-	}
-
 	if config.allow_registration
 		&& !config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
 		&& config.registration_token.is_none()
 		&& config.registration_token_file.is_none()
-		&& config.recaptcha_site_key.is_none()
 	{
 		return Err!(Config(
 			"registration_token",
-			"!! You have `allow_registration` enabled without a token or captcha configured \
+			"!! You have `allow_registration` enabled without a token configured in your config \
-			 which means you are allowing ANYONE to register on your continuwuity instance \
+			 which means you are allowing ANYONE to register on your conduwuit instance without \
-			 without any 2nd-step (e.g. registration token, captcha), which is FREQUENTLY \
+			 any 2nd-step (e.g. registration token). If this is not the intended behaviour, \
-			 abused by malicious actors. If this is not the intended behaviour, please set a \
+			 please set a registration token. For security and safety reasons, conduwuit will \
-			 registration token. For security and safety reasons, continuwuity will shut down. \
+			 shut down. If you are extra sure this is the desired behaviour you want, please \
-			 If you are extra sure this is the desired behaviour you want, please set the \
+			 set the following config option to true:
-			 following config option to true:
 `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`"
 		));
 	}

src/core/config/mod.rs

@@ -556,24 +556,6 @@ pub struct Config {
 	/// example: "/etc/continuwuity/.reg_token"
 	pub registration_token_file: Option<PathBuf>,
 
-	/// The public site key for reCaptcha. If this is provided, reCaptcha
-	/// becomes required during registration. If both captcha *and*
-	/// registration token are enabled, both will be required during
-	/// registration.
-	///
-	/// IMPORTANT: "Verify the origin of reCAPTCHA solutions" **MUST** BE
-	/// DISABLED IF YOU WANT THE CAPTCHA TO WORK IN 3RD PARTY CLIENTS, OR
-	/// CLIENTS HOSTED ON DOMAINS OTHER THAN YOUR OWN!
-	///
-	/// Registration must be enabled (`allow_registration` must be true) for
-	/// this to have any effect.
-	pub recaptcha_site_key: Option<String>,
-
-	/// The private site key for reCaptcha.
-	/// If this is omitted, captcha registration will not work,
-	/// even if `recaptcha_site_key` is set.
-	pub recaptcha_private_site_key: Option<String>,
-
 	/// Controls whether encrypted rooms and events are allowed.
 	#[serde(default = "true_fn")]
 	pub allow_encryption: bool,

src/service/Cargo.toml

@@ -111,7 +111,6 @@ webpage.workspace = true
 webpage.optional = true
 blurhash.workspace = true
 blurhash.optional = true
-recaptcha-verify = { version = "0.1.5", default-features = false }
 
 [lints]
 workspace = true

src/service/uiaa/mod.rs

@@ -177,34 +177,6 @@ pub async fn try_auth(
 			// Password was correct! Let's add it to `completed`
 			uiaainfo.completed.push(AuthType::Password);
 		},
-		| AuthData::ReCaptcha(r) => {
-			if self.services.config.recaptcha_private_site_key.is_none() {
-				return Err!(Request(Forbidden("ReCaptcha is not configured.")));
-			}
-			match recaptcha_verify::verify(
-				self.services
-					.config
-					.recaptcha_private_site_key
-					.as_ref()
-					.unwrap(),
-				r.response.as_str(),
-				None,
-			)
-			.await
-			{
-				| Ok(()) => {
-					uiaainfo.completed.push(AuthType::ReCaptcha);
-				},
-				| Err(e) => {
-					error!("ReCaptcha verification failed: {e:?}");
-					uiaainfo.auth_error = Some(ruma::api::client::error::StandardErrorBody {
-						kind: ErrorKind::forbidden(),
-						message: "ReCaptcha verification failed.".to_owned(),
-					});
-					return Ok((false, uiaainfo));
-				},
-			}
-		},
 		| AuthData::RegistrationToken(t) => {
 			let tokens = self.read_tokens().await?;
 			if tokens.contains(t.token.trim()) {